Multiple ManageEngine Products are prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit this issue to upload arbitrary code and run it in the context of the web server process; other attacks are also possible.